EPSRC Centre for Doctoral Training in Cyber Security for the Everyday

The 2015 UK National Security Strategy identifies cyber security as one of the top four UK national security priorities. The UK National Cyber Security Strategy 2016-2021 (NCSS) has an underlying vision to make the UK secure and resilient to cyber threats, prosperous and confident in the digital world. It is widely recognised that the UK, indeed the world, is short of cyber security specialists.

Cyber security is genuinely cross-disciplinary. It's about technology, and the networks and systems within which technology is deployed. But it's also about society and how it engages with technology. Researching the right questions requires researchers to fully understand the integrated nature of the cyber security landscape. A CDT provides the perfect vehicle within which suitably broad training can be provided. The establishment of a cohort of researchers with different backgrounds and experience allows this knowledge to be cultivated within a rich environment, where the facts of hard science can be blended with the perspectives and nuances of more social dimensions.

While society has made progress in developing the technology that underpins security, privacy and trust in cyberspace, we lag behind in our understanding of how society engages with this technology. Much more fundamentally, we don't even really understand how society engages with the concepts of security, privacy and trust in the first place. We will host a CDT in Cyber Security for the Everyday, which signals that research in our CDT will focus on the technologies deployed in everyday digital systems, as well as the everyday societal experience of security.

Research in our CDT will investigate the security of emerging technologies. As cyberspace continues to evolve, so, too, do the technologies required to secure its future. Research topics include the cryptographic tools that underpin all security technologies, the security of the systems within which these tools are deployed, the use of artificial intelligence to aid discovery of system vulnerabilities, and security and privacy of everyday objects which are becoming embedded in cyberspace. Our CDT will also research how to secure cyber societies. Securing increasingly networked, automated, and autonomous societies requires an integrated research approach which engages the social, technological, cultural, legal, social-psychological and political on equal terms. Research topics include exploring state, institutional and corporate responsibility over how information is gathered and used, investigating how cyber security is perceived, understood and practiced by different communities, and researching how social differences and societal inequalities affect notions of, and issues relating to, cyber security.

Our training programme will be based around a suite of relevant masters programmes at Royal Holloway, including in Information Security, Geopolitics and Security, and Data Science. This will be supplemented by workshops, practice labs, and a comprehensive generic skills programme. Students will work closely with the wider cyber security community through a series of industry engagement sessions and visits, summer projects, and three-month internships. Peer-to-peer learning will be fostered through group challenges, workshop design and delivery, reading groups and a social programme.

People. The most obvious impact of RHUL's cyber security CDT will be its production of 50 PhD-level graduates during its lifetime. CDT graduates will be "industry-ready": through industry placements, they will have exposure to real-world cyber security problems and working environments; because of the breadth of our training programme, they will gain exposure to cyber security in all its forms; through involvement of our external partners at all stages of the CDT, the students will be exposed to the language and culture of industry, government and other sectors. At the same time, they will benefit from generic skills training, equipping them with a broad set of skills that will be of use in their subsequent workplaces. They will also engage in PhD-level research projects that will lead to them developing deep topic-specific knowledge as well as general analytical skills. There is a growing demand for graduates with these skill-sets. While RHUL already has demonstrably close relationships with key external players, our CDT represents an opportunity for us to enhance our existing links and develop new ones. Moreover, our own research will be strengthened by working with the best external researchers.

Economy. The nature of our cyber security research and the planned industrial involvement in influencing the selection of research topics means that there will be significant commercialisation opportunities arising from the research produced by this CDT. RHUL cyber security researchers have more than 80 years of experience working in industry, either in research, development or customer-facing environments, and are named inventors on more than 30 patents. We are closely supported by the Royal Holloway Enterprise Centre, who have expertise in business development, securing venture capital funding, and IPR protection. RHUL's Institute for Cyber Security Innovation provides business research and training support. We also have an on-campus incubation centre which has hosted a number of spin-out companies. We are thus thoroughly prepared to identify and exploit commercialisation opportunities arising from the CDT.

Knowledge. The CDT will make substantial and original contributions to knowledge in cyber security. Following institutional policy, all research is made available to the public for free in some form, either through open access publishing,the institution's research repository or via subject-specific on-line archives. The research will also published in conference venues which, by their nature, are regularly attended by large numbers of delegates from outside of academia. Other impact routes for our knowledge include Industry Fora (RHUL is an active academic member of the I4 and ISF organisations, which are influential industry fora), Business Events (RHUL researchers regularly speak at events such as InfoSec London, RSA Conference), Standards Bodies (several staff are active in international standards bodies), Consulting (staff have consulted for more than 100 organisations in the last 30 years), Industry-focused Events (RHUL hosts several external facing events each year, including the annual CDT Showcase, HP Colloquium, and ISG Open Day).

Society. One of the longer-term impacts of our research is to provide mechanisms that help to enhance confidence and trust in the on-line society for ordinary citizens, leading in turn to quality of life enhancement. Our work on the socio-technical dimensions of security and privacy gives us a means to influence government policy to the betterment of society at large. We work closely with government departments such as the Cabinet Office to provide advice on privacy, security and design issues. We also communicate research findings through more widely accessible media, press engagement, speaking at public events, and working with schools (CDT students will take part in the annual Smallpeice Trust Cyber Security residential for Year 9 students).